Vulnerability Description
The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.1; and Tivoli Storage Manager FastBack for Microsoft Exchange 6.1 before 6.1.5.4 does not ensure that the correct mailbox is selected, which allows remote authenticated users to obtain sensitive information via a duplicate alias name.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Tivoli Storage FastBack for Microsoft Exchange | 6.1 |
| IBM | Tivoli Storage FlashCopy Manager for Microsoft Exchange Server | 2.1 |
| IBM | Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server | 6.1 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT04251 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT04252 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21963629 (Patch, Vendor Advisory)
- http://www.securitytracker.com/id/1033652
FAQ
What is CVE-2015-4950?
CVE-2015-4950 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Ti...
How severe is CVE-2015-4950?
CVE-2015-4950 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-4950?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Tivoli Storage FastBack for Microsoft Exchange, IBM Tivoli Storage FlashCopy Manager for Microsoft Exchange Server, IBM Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server.